My headers are not sent to my backend when I call the endpoints

0
votes

I'm trying to call a api endpoint of my firebase functions hosted backend but I'm having an hard time.

This is the code of my endpoint:

app.post("/hello", (req,res) => {
    console.log(req.headers);
    res.status(200).json({
        message: "Hello"
    })
})

I'm also setting up a check for auth token with a middleware like so:

app.use(validateFirebaseIdToken);
const validateFirebaseIdToken = async (req,res,next) => {
    console.log(req);
    functions.logger.log('Check if request is authorized with Firebase ID token');

    if ((!req.headers.authorization || !req.headers.authorization.startsWith('Bearer ')) &&
        !(req.cookies && req.cookies.__session)) {
      functions.logger.error(
        'No Firebase ID token was passed as a Bearer token in the Authorization header.',
        'Make sure you authorize your request by providing the following HTTP header:',
        'Authorization: Bearer <Firebase ID Token>',
        'or by passing a "__session" cookie.'
      );
      res.status(403).send('Unauthorized');
      return;
    }
  
    let idToken;
    if (req.headers.authorization && req.headers.authorization.startsWith('Bearer ')) {
      functions.logger.log('Found "Authorization" header');
      // Read the ID Token from the Authorization header.
      idToken = req.headers.authorization.split('Bearer ')[1];
    } else if(req.cookies) {
      functions.logger.log('Found "__session" cookie');
      // Read the ID Token from cookie.
      idToken = req.cookies.__session;
    } else {
      // No cookie
      res.status(403).send('Unauthorized');
      return;
    }
  
    try {
      const decodedIdToken = await admin.auth().verifyIdToken(idToken);
      functions.logger.log('ID Token correctly decoded', decodedIdToken);
      req.user = decodedIdToken;
      next();
      return;
    } catch (error) {
      functions.logger.error('Error while verifying Firebase ID token:', error);
      res.status(403).send('Unauthorized');
      return;
    }
}

In my axios request I'm doing this:

const headerAPI = {
  withCredentials: true,
  Authorization: `Bearer ${myToken}`
}
allInfo = await axios.post('http://localhost:5001/stormtestfordota/europe-west1/api/hello', headerAPI);

But even if I put the correct auth token I receive this in the console

{"severity":"INFO","message":"Check if request is authorized with Firebase ID token"} {"severity":"ERROR","message":"No Firebase ID token was passed as a Bearer token in the Authorization header. Make sure you authorize your request by providing the following HTTP header: Authorization: Bearer or by passing a "__session" cookie."}

And in my browser I get this error:

Access to XMLHttpRequest at 'http://localhost:5001/stormtestfordota/europe-west1/api/hello' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Even if I enabled CORS policies for localhost:3000.

Have you any idea why this is happening?

node.jsaxiosfirebase-authenticationgoogle-cloud-functions
Headers are supposed to be nested under 'headers' property. Also, where's your post payload?Wiktor Zychla